Expand description
AWS KMS signing backend for secretx.
Implements SigningBackend for AWS KMS asymmetric keys. The private key
never leaves AWS — all signing operations are performed inside KMS.
§URI format
secretx:aws-kms:<key-id>[?algorithm=<algo>]Where <key-id> is a KMS key UUID, alias ARN (alias/my-key), or key ARN,
and <algo> is one of ecdsa-p256 (default) or rsa-pss-2048.
§Example
use secretx_aws_kms::AwsKmsBackend;
use secretx_core::SigningBackend;
let backend = AwsKmsBackend::from_uri(
"secretx:aws-kms:alias/my-signing-key?algorithm=ecdsa-p256",
)?;
let sig = backend.sign(b"hello world").await?;Structs§
- AwsKms
Backend - AWS KMS signing backend.